Skip to content

Bug: OpenSearch password strength error #772

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
oelhammouchi opened this issue Feb 15, 2025 · 0 comments · Fixed by #773
Closed

Bug: OpenSearch password strength error #772

oelhammouchi opened this issue Feb 15, 2025 · 0 comments · Fixed by #773

Comments

@oelhammouchi
Copy link
Contributor

oelhammouchi commented Feb 15, 2025
edited by alexanderankin
Loading

Describe the bug

OpenSearch container complains about password strength when using a recent image version, even when setting security_enabled=False. It seems this is the consequence of a change in version 2.12.0. There seems to be an easy fix for this, which is to replace plugins.security.disabled environment variable with DISABLE_SECURITY_PLUGIN. I opened a small PR for this, see #773.

To Reproduce

from testcontainers.opensearch import OpenSearchContainer

container = OpenSearchContainer("opensearchproject/opensearch:2.18.0")
container.start()

This will block forever waiting for the container to be ready, and the logs give the following output:

$ docker logs <container id>

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user.
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string.
If a password is not provided, the setup will quit.
For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.1.0-17-amd64 amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.18.0
Detected OpenSearch Security Version: 2.18.0.0
Password admin failed validation: "Password is too short". Please re-try with a minimum 8 character password and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character that is strong. Password strength can be tested here: https://lowe.github.io/tryzxcvbn

Runtime environment

Runtime environment 
Linux debian 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux

Python 3.11.2

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.20.0)
  compose: Docker Compose (Docker Inc., v2.32.4)

Server:
 Containers: 53
  Running: 2
  Paused: 0
  Stopped: 51
 Images: 365
 Server Version: 20.10.24+dfsg1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux nvidia runc io.containerd.runc.v2
 Default Runtime: nvidia
 Init Binary: docker-init
 containerd version: 1.6.20~ds1-1+b1
 runc version: 1.1.5+ds1-1+deb12u1
 init version:
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 6.1.0-17-amd64
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 62.51GiB
 Name: debian
 ID: MQZA:SAEE:WFPL:FTXS:NWZS:BZLG:B7FL:SQP3:GMZO:WMLA:5K7G:5DQ5
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

alembic==1.14.1
amqp==5.3.1
aniso8601==10.0.0
annotated-types==0.7.0
anyio==4.8.0
argon2-cffi==23.1.0
argon2-cffi-bindings==21.2.0
asgiref==3.8.1
asttokens==3.0.0
async-timeout==5.0.1
attrs==25.1.0
billiard==4.2.1
blinker==1.9.0
celery==5.4.0
certifi==2025.1.31
cffi==1.17.1
charset-normalizer==3.4.1
clean-text==0.6.0
click==8.1.8
click-didyoumean==0.3.1
click-plugins==1.1.1
click-repl==0.3.0
cryptography==44.0.1
-e git+ssh://[email protected]/exantebe/curator.git@1d399adbdbd8a4cfaa30d4b336b31a7b8c001751#egg=curator
debugpy==1.8.12
decorator==5.1.1
Deprecated==1.2.18
deprecation==2.1.0
deptry==0.21.2
docker==7.1.0
emoji==1.7.0
environs==11.2.1
Events==0.5
executing==2.2.0
factory_boy==3.3.3
Faker==36.1.1
faker-file==0.17.14
Flask==3.1.0
Flask-HTTPAuth==4.8.0
Flask-Login==0.6.3
Flask-Mail==0.10.0
Flask-Migrate==4.1.0
flask-restx==1.3.0
Flask-SQLAlchemy==3.1.1
ftfy==6.3.1
gevent==24.11.1
greenlet==3.1.1
gunicorn==23.0.0
h11==0.14.0
httpcore==1.0.7
httpx==0.28.1
idna==3.10
img2pdf==0.5.1
importlib_resources==6.5.2
inflection==0.5.1
iniconfig==2.0.0
ipython==8.32.0
itsdangerous==2.2.0
jedi==0.19.2
Jinja2==3.1.5
jsonschema==4.23.0
jsonschema-specifications==2024.10.1
kombu==5.4.2
loguru==0.7.3
lxml==5.3.1
Mako==1.3.9
Markdown==3.7
markdown-it-py==3.0.0
MarkupSafe==3.0.2
marshmallow==3.26.1
marshmallow-oneofschema==3.1.1
marshmallow-sqlalchemy==1.4.1
matplotlib-inline==0.1.7
mdurl==0.1.2
minio==7.2.15
ocrmypdf==16.9.0
ollama==0.4.7
opensearch-py==2.8.0
orjson==3.10.15
packaging==24.2
parso==0.8.4
pdfkit==1.0.0
pdfminer.six==20240706
pdoc3==0.11.5
pexpect==4.9.0
pi_heif==0.21.0
pika==1.3.2
pikepdf==9.5.2
pillow==11.1.0
pluggy==1.5.0
polling==0.3.2
prompt_toolkit==3.0.50
psycogreen==1.0.2
psycopg2==2.9.10
ptyprocess==0.7.0
pure_eval==0.2.3
py-healthcheck==1.10.1
py-spy==0.3.14
pycparser==2.22
pycryptodome==3.21.0
pydantic==2.10.6
pydantic_core==2.27.2
pyfiglet==1.0.2
Pygments==2.19.1
pytest==8.3.4
pytest-dotenv==0.5.2
pytest-factoryboy==2.7.0
pytest-lazy-fixtures==1.1.2
pytest-print @ git+https://github.com/pytest-dev/pytest-print.git@d4721d5392713b61b75d85caa91ee34d67a4ddf8
python-dateutil==2.9.0.post0
python-dotenv==1.0.1
python-magic==0.4.27
pytz==2025.1
redis==5.2.1
referencing==0.36.2
requests==2.32.3
requests-toolbelt==1.0.0
requirements-parser==0.11.0
rich==13.9.4
rich-click==1.8.5
rpds-py==0.22.3
six==1.17.0
sniffio==1.3.1
SQLAlchemy==2.0.38
sqlalchemy-mixins==2.0.5
SQLAlchemy-Utils==0.41.2
stack-data==0.6.3
testcontainers @ git+https://github.com/oelhammouchi/testcontainers-python@acc3aa8cc03cff47432ccfcb32212d65ba474c3f
tika==2.6.0
traitlets==5.14.3
types-setuptools==75.8.0.20250210
typing_extensions==4.12.2
tzdata==2025.1
Unidecode==1.3.8
urllib3==2.3.0
vine==5.1.0
waitress==3.0.2
wcwidth==0.2.13
Werkzeug==3.1.3
wrapt==1.17.2
zope.event==5.0
zope.interface==7.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Change env var disabling OpenSearch security plugin oelhammouchi/testcontainers-python
1 participant
@oelhammouchi